As enterprises IT infrastructures become more virtualized, cloud-based, and fast changing, traditional cyber security cannot adapt well to this trend since it is tied to static network identities and relies on stateful devices. One example is an IP based stateful firewall in a cloud; it will not perform as expected if any protected virtual machine has changed its IP address due to cloud operations.
The traditional approach to performing security configuration largely relies on manual work. In addition, since many security controls use assets' physical attributes in their configurations, when the assets' physical attribute changes, it requires a lot of manual work to identify other assets and controls that are impacted by that change and to modify relevant configurations. When a new device is added to the network or an existing device is removed, it also requires manual changes to security control configurations.